diff options
91 files changed, 1046 insertions, 87 deletions
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index f9693c9d75..28d3597923 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -236,6 +236,10 @@ for use:: > ~/oom/kubernetes/robot/ete-k8s.sh onap health + Launch Robot distribute health checks to verify whether ONAP runtime components are healthy:: + + > ~/oom/kubernetes/robot/ete-k8s.sh onap healthdist + **Step 10.** Undeploy ONAP :: diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore new file mode 100644 index 0000000000..bc3a4f1ee0 --- /dev/null +++ b/kubernetes/.gitignore @@ -0,0 +1 @@ +chartstorage/ diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml index f5931d50ed..1e08aaf3cd 100644 --- a/kubernetes/cli/requirements.yaml +++ b/kubernetes/cli/requirements.yaml @@ -19,3 +19,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 0823daffb6..74b2d2df37 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index bf3ba5b099..6e711c51c0 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -17,12 +17,10 @@ ################################################################# global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/cli:6.0.0 pullPolicy: Always flavor: small diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index f6feee6e06..c22f9731b5 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -14,7 +14,7 @@ global: platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1 secretName: oom-cert-service-client-tls-secret envVariables: # Certificate related @@ -29,5 +29,5 @@ global: keystorePassword: "secret" truststorePassword: "secret" certPostProcessor: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1 diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml index 19d872fe12..ec51a80d5e 100644 --- a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml +++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml @@ -60,19 +60,19 @@ <int>1</int> </void> <void method="add"> - <int>0</int> + <int>3</int> </void> <void method="add"> <int>3</int> </void> <void method="add"> - <int>0</int> + <int>3</int> </void> <void method="add"> <int>0</int> </void> <void method="add"> - <int>0</int> + <int>3</int> </void> <void method="add"> <int>0</int> @@ -354,6 +354,33 @@ <void method="add"> <int>1802</int> </void> + <void method="add"> + <int>1700</int> + </void> + <void method="add"> + <int>1701</int> + </void> + <void method="add"> + <int>1702</int> + </void> + <void method="add"> + <int>1900</int> + </void> + <void method="add"> + <int>1901</int> + </void> + <void method="add"> + <int>1902</int> + </void> + <void method="add"> + <int>2100</int> + </void> + <void method="add"> + <int>2101</int> + </void> + <void method="add"> + <int>2102</int> + </void> </object> </void> <void method="put"> @@ -570,7 +597,7 @@ </void> <void method="put"> <int>37</int> - <string>-1501801709</string> + <string>-29939301</string> </void> <void method="put"> <int>20037</int> @@ -932,5 +959,149 @@ <int>30218</int> <boolean>true</boolean> </void> + <void method="put"> + <int>17</int> + <string></string> + </void> + <void method="put"> + <int>20017</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10017</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30017</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>117</int> + <string></string> + </void> + <void method="put"> + <int>20117</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10117</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30117</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>217</int> + <string></string> + </void> + <void method="put"> + <int>20217</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10217</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30217</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>19</int> + <string></string> + </void> + <void method="put"> + <int>20019</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10019</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30019</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>119</int> + <string></string> + </void> + <void method="put"> + <int>20119</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10119</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30119</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>219</int> + <string></string> + </void> + <void method="put"> + <int>20219</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10219</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30219</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>21</int> + <string></string> + </void> + <void method="put"> + <int>20021</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10021</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30021</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>121</int> + <string></string> + </void> + <void method="put"> + <int>20121</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10121</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30121</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>221</int> + <string></string> + </void> + <void method="put"> + <int>20221</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10221</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30221</int> + <boolean>true</boolean> + </void> </object> </java> diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index 568d6f77c9..5e37856d19 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -54,7 +54,7 @@ "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}", "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}" }, - "truststore_merger": { + "cert_post_processor": { "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" } -}
\ No newline at end of file +} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml index 08a3c357ba..0108d9a8ce 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml @@ -25,6 +25,6 @@ use_tls: true security_ssl_disable: false external_cert_ca_name: "RA" external_cert_common_name: "dcae-hv-ves-collector" -external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves" +external_cert_sans: "dcae-hv-ves-collector,hv-ves-collector,hv-ves" external_cert_cert_type: "JKS" external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml index e09e37dd31..c284612c79 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml @@ -40,6 +40,6 @@ ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.me user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" external_cert_ca_name: "RA" external_cert_common_name: "dcae-ves-collector" -external_cert_sans: "dcae-ves-collector:ves-collector:ves" +external_cert_sans: "dcae-ves-collector,ves-collector,ves" external_cert_cert_type: "JKS" external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 668dcc7e18..a3bff07fb2 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -103,7 +103,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.1 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -115,7 +115,7 @@ componentImages: ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index fd4e1217c4..c13d3cebe6 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -49,7 +49,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.1 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/log/components/log-elasticsearch/templates/deployment.yaml b/kubernetes/log/components/log-elasticsearch/templates/deployment.yaml index 6a0e6d2e3d..b778af8564 100644 --- a/kubernetes/log/components/log-elasticsearch/templates/deployment.yaml +++ b/kubernetes/log/components/log-elasticsearch/templates/deployment.yaml @@ -26,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: diff --git a/kubernetes/log/components/log-kibana/templates/deployment.yaml b/kubernetes/log/components/log-kibana/templates/deployment.yaml index a1824d2509..5e3dc98f84 100644 --- a/kubernetes/log/components/log-kibana/templates/deployment.yaml +++ b/kubernetes/log/components/log-kibana/templates/deployment.yaml @@ -26,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: diff --git a/kubernetes/log/components/log-logstash/templates/deployment.yaml b/kubernetes/log/components/log-logstash/templates/deployment.yaml index 566c7a3b10..92817fac88 100644 --- a/kubernetes/log/components/log-logstash/templates/deployment.yaml +++ b/kubernetes/log/components/log-logstash/templates/deployment.yaml @@ -26,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: diff --git a/kubernetes/msb/Makefile b/kubernetes/msb/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/msb/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/msb/charts/msb-iag/requirements.yaml b/kubernetes/msb/charts/msb-iag/requirements.yaml deleted file mode 100644 index 6cc26cd239..0000000000 --- a/kubernetes/msb/charts/msb-iag/requirements.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -dependencies: - - name: common - version: ~7.x-0 - repository: '@local' diff --git a/kubernetes/msb/components/Makefile b/kubernetes/msb/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/msb/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/msb/charts/kube2msb/.helmignore b/kubernetes/msb/components/kube2msb/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/msb/charts/kube2msb/.helmignore +++ b/kubernetes/msb/components/kube2msb/.helmignore diff --git a/kubernetes/msb/charts/kube2msb/Chart.yaml b/kubernetes/msb/components/kube2msb/Chart.yaml index 10c9818098..10c9818098 100644 --- a/kubernetes/msb/charts/kube2msb/Chart.yaml +++ b/kubernetes/msb/components/kube2msb/Chart.yaml diff --git a/kubernetes/msb/charts/msb-eag/requirements.yaml b/kubernetes/msb/components/kube2msb/requirements.yaml index 6cc26cd239..467a52ab21 100644 --- a/kubernetes/msb/charts/msb-eag/requirements.yaml +++ b/kubernetes/msb/components/kube2msb/requirements.yaml @@ -15,3 +15,6 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/charts/kube2msb/templates/deployment.yaml b/kubernetes/msb/components/kube2msb/templates/deployment.yaml index 3d0dcd63ba..ed99deea43 100644 --- a/kubernetes/msb/charts/kube2msb/templates/deployment.yaml +++ b/kubernetes/msb/components/kube2msb/templates/deployment.yaml @@ -49,12 +49,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: KUBE_MASTER_URL diff --git a/kubernetes/msb/charts/kube2msb/values.yaml b/kubernetes/msb/components/kube2msb/values.yaml index 3c67227873..d2a0a15f49 100644 --- a/kubernetes/msb/charts/kube2msb/values.yaml +++ b/kubernetes/msb/components/kube2msb/values.yaml @@ -16,13 +16,11 @@ ################################################################# global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/oom/kube2msb:1.2.6 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/charts/msb-consul/.helmignore b/kubernetes/msb/components/msb-consul/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/msb/charts/msb-consul/.helmignore +++ b/kubernetes/msb/components/msb-consul/.helmignore diff --git a/kubernetes/msb/charts/msb-consul/Chart.yaml b/kubernetes/msb/components/msb-consul/Chart.yaml index fc4f22463b..fc4f22463b 100644 --- a/kubernetes/msb/charts/msb-consul/Chart.yaml +++ b/kubernetes/msb/components/msb-consul/Chart.yaml diff --git a/kubernetes/msb/charts/msb-consul/requirements.yaml b/kubernetes/msb/components/msb-consul/requirements.yaml index 6cc26cd239..467a52ab21 100644 --- a/kubernetes/msb/charts/msb-consul/requirements.yaml +++ b/kubernetes/msb/components/msb-consul/requirements.yaml @@ -15,3 +15,6 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh index 0cd46167e4..0cd46167e4 100755 --- a/kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh +++ b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh diff --git a/kubernetes/msb/charts/msb-consul/templates/NOTES.txt b/kubernetes/msb/components/msb-consul/templates/NOTES.txt index e0cea22074..e0cea22074 100644 --- a/kubernetes/msb/charts/msb-consul/templates/NOTES.txt +++ b/kubernetes/msb/components/msb-consul/templates/NOTES.txt diff --git a/kubernetes/msb/charts/msb-consul/templates/configmap.yaml b/kubernetes/msb/components/msb-consul/templates/configmap.yaml index 32adcaec5f..32adcaec5f 100644 --- a/kubernetes/msb/charts/msb-consul/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-consul/templates/configmap.yaml diff --git a/kubernetes/msb/charts/msb-consul/templates/deployment.yaml b/kubernetes/msb/components/msb-consul/templates/deployment.yaml index c7472cca72..97dd1781f2 100644 --- a/kubernetes/msb/charts/msb-consul/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-consul/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: serviceAccountName: msb containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.dockerHubRepository | default .Values.dockerHubRepository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} diff --git a/kubernetes/msb/charts/msb-consul/templates/ingress.yaml b/kubernetes/msb/components/msb-consul/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/msb/charts/msb-consul/templates/ingress.yaml +++ b/kubernetes/msb/components/msb-consul/templates/ingress.yaml diff --git a/kubernetes/msb/charts/msb-consul/templates/service.yaml b/kubernetes/msb/components/msb-consul/templates/service.yaml index af735b6e74..af735b6e74 100644 --- a/kubernetes/msb/charts/msb-consul/templates/service.yaml +++ b/kubernetes/msb/components/msb-consul/templates/service.yaml diff --git a/kubernetes/msb/charts/msb-consul/values.yaml b/kubernetes/msb/components/msb-consul/values.yaml index 4704f3b24d..1c7fa38171 100644 --- a/kubernetes/msb/charts/msb-consul/values.yaml +++ b/kubernetes/msb/components/msb-consul/values.yaml @@ -21,7 +21,6 @@ global: # Application configuration defaults. ################################################################# # application image -dockerHubRepository: docker.io image: library/consul:1.4.3 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/charts/msb-discovery/.helmignore b/kubernetes/msb/components/msb-discovery/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/msb/charts/msb-discovery/.helmignore +++ b/kubernetes/msb/components/msb-discovery/.helmignore diff --git a/kubernetes/msb/charts/msb-discovery/Chart.yaml b/kubernetes/msb/components/msb-discovery/Chart.yaml index 527af56f06..527af56f06 100644 --- a/kubernetes/msb/charts/msb-discovery/Chart.yaml +++ b/kubernetes/msb/components/msb-discovery/Chart.yaml diff --git a/kubernetes/msb/components/msb-discovery/requirements.yaml b/kubernetes/msb/components/msb-discovery/requirements.yaml new file mode 100644 index 0000000000..467a52ab21 --- /dev/null +++ b/kubernetes/msb/components/msb-discovery/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada , ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml b/kubernetes/msb/components/msb-discovery/resources/config/logback.xml index 3781d96328..3781d96328 100644 --- a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml +++ b/kubernetes/msb/components/msb-discovery/resources/config/logback.xml diff --git a/kubernetes/msb/charts/msb-discovery/templates/NOTES.txt b/kubernetes/msb/components/msb-discovery/templates/NOTES.txt index e0cea22074..e0cea22074 100644 --- a/kubernetes/msb/charts/msb-discovery/templates/NOTES.txt +++ b/kubernetes/msb/components/msb-discovery/templates/NOTES.txt diff --git a/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml b/kubernetes/msb/components/msb-discovery/templates/configmap.yaml index 33c77e5eae..33c77e5eae 100644 --- a/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-discovery/templates/configmap.yaml diff --git a/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml index bcb9da55a1..e5e5f9eb0f 100644 --- a/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml @@ -49,12 +49,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -94,7 +94,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/msb/charts/msb-discovery/templates/ingress.yaml b/kubernetes/msb/components/msb-discovery/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/msb/charts/msb-discovery/templates/ingress.yaml +++ b/kubernetes/msb/components/msb-discovery/templates/ingress.yaml diff --git a/kubernetes/msb/charts/msb-discovery/templates/service.yaml b/kubernetes/msb/components/msb-discovery/templates/service.yaml index af735b6e74..af735b6e74 100644 --- a/kubernetes/msb/charts/msb-discovery/templates/service.yaml +++ b/kubernetes/msb/components/msb-discovery/templates/service.yaml diff --git a/kubernetes/msb/charts/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml index 4ac27a8f9d..994e84b722 100644 --- a/kubernetes/msb/charts/msb-discovery/values.yaml +++ b/kubernetes/msb/components/msb-discovery/values.yaml @@ -16,13 +16,11 @@ ################################################################# global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/msb/msb_discovery:1.2.6 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/charts/msb-eag/.helmignore b/kubernetes/msb/components/msb-eag/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/msb/charts/msb-eag/.helmignore +++ b/kubernetes/msb/components/msb-eag/.helmignore diff --git a/kubernetes/msb/charts/msb-eag/Chart.yaml b/kubernetes/msb/components/msb-eag/Chart.yaml index c1843627a8..c1843627a8 100644 --- a/kubernetes/msb/charts/msb-eag/Chart.yaml +++ b/kubernetes/msb/components/msb-eag/Chart.yaml diff --git a/kubernetes/msb/charts/msb-discovery/requirements.yaml b/kubernetes/msb/components/msb-eag/requirements.yaml index 6cc26cd239..c59eb6fdf9 100644 --- a/kubernetes/msb/charts/msb-discovery/requirements.yaml +++ b/kubernetes/msb/components/msb-eag/requirements.yaml @@ -15,3 +15,6 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/msb/charts/msb-eag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml index 680cb7357a..680cb7357a 100644 --- a/kubernetes/msb/charts/msb-eag/resources/config/log/logback.xml +++ b/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml diff --git a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml b/kubernetes/msb/components/msb-eag/resources/config/logback.xml index 6dc4443d6e..6dc4443d6e 100644 --- a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml +++ b/kubernetes/msb/components/msb-eag/resources/config/logback.xml diff --git a/kubernetes/msb/charts/msb-eag/templates/NOTES.txt b/kubernetes/msb/components/msb-eag/templates/NOTES.txt index e0cea22074..e0cea22074 100644 --- a/kubernetes/msb/charts/msb-eag/templates/NOTES.txt +++ b/kubernetes/msb/components/msb-eag/templates/NOTES.txt diff --git a/kubernetes/msb/charts/msb-eag/templates/configmap.yaml b/kubernetes/msb/components/msb-eag/templates/configmap.yaml index 33c77e5eae..33c77e5eae 100644 --- a/kubernetes/msb/charts/msb-eag/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-eag/templates/configmap.yaml diff --git a/kubernetes/msb/charts/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml index 8ce19fb304..36cb13dc52 100644 --- a/kubernetes/msb/charts/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml @@ -49,12 +49,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -108,7 +108,7 @@ spec: {{- end }} # side car containers - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/msb/charts/msb-eag/templates/ingress.yaml b/kubernetes/msb/components/msb-eag/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/msb/charts/msb-eag/templates/ingress.yaml +++ b/kubernetes/msb/components/msb-eag/templates/ingress.yaml diff --git a/kubernetes/msb/charts/msb-eag/templates/service.yaml b/kubernetes/msb/components/msb-eag/templates/service.yaml index e8e3a8a947..e8e3a8a947 100644 --- a/kubernetes/msb/charts/msb-eag/templates/service.yaml +++ b/kubernetes/msb/components/msb-eag/templates/service.yaml diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index f63964cd15..b8813b8f1a 100644 --- a/kubernetes/msb/charts/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -16,13 +16,11 @@ ################################################################# global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/msb/msb_apigateway:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/charts/msb-iag/.helmignore b/kubernetes/msb/components/msb-iag/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/msb/charts/msb-iag/.helmignore +++ b/kubernetes/msb/components/msb-iag/.helmignore diff --git a/kubernetes/msb/charts/msb-iag/Chart.yaml b/kubernetes/msb/components/msb-iag/Chart.yaml index 9b8d56c3a3..9b8d56c3a3 100644 --- a/kubernetes/msb/charts/msb-iag/Chart.yaml +++ b/kubernetes/msb/components/msb-iag/Chart.yaml diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml new file mode 100644 index 0000000000..467a52ab21 --- /dev/null +++ b/kubernetes/msb/components/msb-iag/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada , ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/charts/msb-iag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml index 680cb7357a..680cb7357a 100644 --- a/kubernetes/msb/charts/msb-iag/resources/config/log/logback.xml +++ b/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml diff --git a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml b/kubernetes/msb/components/msb-iag/resources/config/logback.xml index 65ff43485a..65ff43485a 100644 --- a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml +++ b/kubernetes/msb/components/msb-iag/resources/config/logback.xml diff --git a/kubernetes/msb/charts/msb-iag/templates/NOTES.txt b/kubernetes/msb/components/msb-iag/templates/NOTES.txt index e0cea22074..e0cea22074 100644 --- a/kubernetes/msb/charts/msb-iag/templates/NOTES.txt +++ b/kubernetes/msb/components/msb-iag/templates/NOTES.txt diff --git a/kubernetes/msb/charts/msb-iag/templates/configmap.yaml b/kubernetes/msb/components/msb-iag/templates/configmap.yaml index 33c77e5eae..33c77e5eae 100644 --- a/kubernetes/msb/charts/msb-iag/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-iag/templates/configmap.yaml diff --git a/kubernetes/msb/charts/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 42f36cd279..00dc6b69b3 100644 --- a/kubernetes/msb/charts/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -49,12 +49,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -108,7 +108,7 @@ spec: {{- end }} # side car containers - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/msb/charts/msb-iag/templates/ingress.yaml b/kubernetes/msb/components/msb-iag/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/msb/charts/msb-iag/templates/ingress.yaml +++ b/kubernetes/msb/components/msb-iag/templates/ingress.yaml diff --git a/kubernetes/msb/charts/msb-iag/templates/service.yaml b/kubernetes/msb/components/msb-iag/templates/service.yaml index e8e3a8a947..e8e3a8a947 100644 --- a/kubernetes/msb/charts/msb-iag/templates/service.yaml +++ b/kubernetes/msb/components/msb-iag/templates/service.yaml diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index b1f19c9448..b91ddcae1b 100644 --- a/kubernetes/msb/charts/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -16,13 +16,11 @@ ################################################################# global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/msb/msb_apigateway:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/requirements.yaml b/kubernetes/msb/requirements.yaml index 6cc26cd239..c52bec4944 100644 --- a/kubernetes/msb/requirements.yaml +++ b/kubernetes/msb/requirements.yaml @@ -15,3 +15,21 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' + - name: kube2msb + version: ~7.x-0 + repository: 'file://components/kube2msb' + - name: msb-consul + version: ~7.x-0 + repository: 'file://components/msb-consul' + - name: msb-discovery + version: ~7.x-0 + repository: 'file://components/msb-discovery' + - name: msb-eag + version: ~7.x-0 + repository: 'file://components/msb-eag' + - name: msb-iag + version: ~7.x-0 + repository: 'file://components/msb-iag'
\ No newline at end of file diff --git a/kubernetes/msb/values.yaml b/kubernetes/msb/values.yaml index 27fc008a5a..739fcea9d2 100644 --- a/kubernetes/msb/values.yaml +++ b/kubernetes/msb/values.yaml @@ -18,8 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 # application configuration config: diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index a9be436ae5..fceda43e73 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 name: onap version: 7.0.0 -appVersion: Frankfurt +appVersion: Guilin description: Open Network Automation Platform (ONAP) home: https://www.onap.org/ sources: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 3c8b1e9d90..5b29afc194 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -164,7 +164,7 @@ global: cmpv2Enabled: true platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1 secret: name: oom-cert-service-client-tls-secret mountPath: /etc/onap/oom/certservice/certs/ diff --git a/kubernetes/platform/components/cmpv2-cert-provider/.helmignore b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml new file mode 100644 index 0000000000..38446f1bfa --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP CMPv2 certificate external provider for cert-manager +name: cmpv2-cert-provider +version: 7.0.0 diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml new file mode 100644 index 0000000000..0bc24afe86 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml @@ -0,0 +1,138 @@ +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cmpv2issuers.certmanager.onap.org +spec: + group: certmanager.onap.org + names: + kind: CMPv2Issuer + listKind: CMPv2IssuerList + plural: cmpv2issuers + singular: cmpv2issuer + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: CMPv2Issuer is the Schema for the cmpv2issuers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CMPv2IssuerSpec defines the desired state of CMPv2Issuer + properties: + url: + description: URL to CertService API. + type: string + healthEndpoint: + description: Path of health check endpoint. + type: string + certEndpoint: + description: Path of cerfificate signing enpoint. + type: string + caName: + description: Name of the external CA server configured on CertService API side. + type: string + certSecretRef: + description: Reference to K8s secret which contains certificate, private key and CA certificate + needed to connect to CertService API (which requires client certificate authentication) + properties: + name: + description: The name of K8s secret to select certificates from. Secret must be in the same + namespace as CMPv2Issuer. + type: string + keyRef: + description: The key of the secret to select private key from. Must be a + valid secret key. + type: string + certRef: + description: The key of the secret to select cert from. Must be a + valid secret key. + type: string + cacertRef: + description: The key of the secret to select cacert from. Must be a + valid secret key. + type: string + required: + - name + - keyRef + - certRef + - cacertRef + type: object + required: + - url + - healthEndpoint + - certEndpoint + - caName + - certSecretRef + type: object + status: + description: CMPv2IssuerStatus defines the observed state of CMPv2Issuer + properties: + conditions: + items: + description: CMPv2IssuerCondition contains condition information for + the certservice issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + allOf: + - enum: + - "True" + - "False" + - Unknown + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + enum: + - Ready + type: string + required: + - status + - type + type: object + type: array + type: object + type: object diff --git a/kubernetes/msb/charts/kube2msb/requirements.yaml b/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml index 6cc26cd239..def35866d7 100644 --- a/kubernetes/msb/charts/kube2msb/requirements.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml @@ -1,5 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# +# Copyright © 2020 Nokia # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,7 +10,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -dependencies: + + dependencies: - name: common version: ~7.x-0 repository: '@local' diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml new file mode 100644 index 0000000000..9ba61a5f57 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml @@ -0,0 +1,34 @@ +{{ if .Values.global.CMPv2CertManagerIntegration }} + +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: certmanager.onap.org/v1 +kind: CMPv2Issuer +metadata: + name: {{ .Values.cmpv2issuer.name }} + namespace: {{ include "common.namespace" . }} +spec: + url: {{ .Values.cmpv2issuer.url }} + healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }} + certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }} + caName: {{ .Values.cmpv2issuer.caName }} + certSecretRef: + name: {{ .Values.cmpv2issuer.certSecretRef.name }} + keyRef: {{ .Values.cmpv2issuer.certSecretRef.keyRef }} + certRef: {{ .Values.cmpv2issuer.certSecretRef.certRef }} + cacertRef: {{ .Values.cmpv2issuer.certSecretRef.cacertRef }} +{{ end }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml new file mode 100644 index 0000000000..3f0027f1be --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml @@ -0,0 +1,71 @@ +{{ if .Values.global.CMPv2CertManagerIntegration }} + +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - name: {{ .Values.deploymentProxy.name }} + image: {{ .Values.deploymentProxy.image }} + imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }} + args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + ports: + - containerPort: 8443 + name: https + resources: + limits: + cpu: {{ .Values.deploymentProxy.resources.limits.cpu }} + memory: {{ .Values.deploymentProxy.resources.limits.memory }} + requests: + cpu: {{ .Values.deploymentProxy.resources.requests.cpu }} + memory: {{ .Values.deploymentProxy.resources.requests.memory }} + - name: provider + image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }} + imagePullPolicy: {{ .Values.deployment.pullPolicy }} + command: + - /oom-certservice-cmpv2issuer + args: + - --metrics-addr=127.0.0.1:8080 + - --log-level={{ .Values.deployment.logLevel }} + resources: + limits: + cpu: {{ .Values.deployment.resources.limits.cpu }} + memory: {{ .Values.deployment.resources.limits.memory }} + requests: + cpu: {{ .Values.deployment.resources.requests.cpu }} + memory: {{ .Values.deployment.resources.requests.memory }} + terminationGracePeriodSeconds: 10 +{{ end }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml new file mode 100644 index 0000000000..add5622f41 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml @@ -0,0 +1,167 @@ +{{ if .Values.global.CMPv2CertManagerIntegration }} + +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cmpv2-issuer-leader-election-role + namespace: {{ include "common.namespace" . }} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cmpv2-issuer-manager-role +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + verbs: + - get + - list + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + verbs: + - get + - patch + - update + - apiGroups: + - certmanager.onap.org + resources: + - cmpv2issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - certmanager.onap.org + resources: + - cmpv2issuers/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cmpv2-issuer-proxy-role +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cmpv2-issuer-leader-election-rolebinding + namespace: {{ include "common.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cmpv2-issuer-leader-election-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cmpv2-issuer-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cmpv2-issuer-manager-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cmpv2-issuer-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cmpv2-issuer-proxy-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . }} +{{ end }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml new file mode 100644 index 0000000000..152bd68ba6 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml @@ -0,0 +1,38 @@ +{{ if .Values.global.CMPv2CertManagerIntegration }} + +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8443" + prometheus.io/scheme: https + prometheus.io/scrape: "true" + labels: + control-plane: controller-manager + name: {{ .Values.service.name }} + namespace: {{ include "common.namespace" . }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.ports.name }} + port: {{ .Values.service.ports.port }} + targetPort: {{ .Values.service.ports.targetPort }} + selector: + control-plane: controller-manager +{{ end }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml new file mode 100644 index 0000000000..5ea763a812 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -0,0 +1,79 @@ +# Copyright © 2020, Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global +global: + nodePortPrefix: 302 + readinessImage: onap/oom/readiness:3.0.1 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:latest + repository: "nexus3.onap.org:10001" + CMPv2CertManagerIntegration: false + +namespace: onap + +# Service configuration +service: + name: oom-certservice-cmpv2issuer-metrics-service + type: ClusterIP + ports: + name: https + port: 8443 + targetPort: https + +# Deployment configuration +deployment: + name: oom-certservice-cmpv2issuer + image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.0 + proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + # fol local development use IfNotPresent + pullPolicy: Always + logLevel: debug + resources: + limits: + cpu: 250m + memory: 128Mi + requests: + cpu: 100m + memory: 64Mi +deploymentProxy: + name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + pullPolicy: IfNotPresent + resources: + limits: + cpu: 250m + memory: 128Mi + requests: + cpu: 50m + memory: 32Mi + +# CMPv2Issuer +cmpv2issuer: + name: cmpv2-issuer-onap + url: https://oom-cert-service:8443 + healthcheckEndpoint: actuator/health + certEndpoint: v1/certificate + caName: RA + certSecretRef: + name: cmpv2-issuer-secret + certRef: certServiceServer-cert.pem + keyRef: certServiceServer-key.pem + cacertRef: truststore.pem + + + + diff --git a/kubernetes/platform/components/oom-cert-service/.gitignore b/kubernetes/platform/components/oom-cert-service/.gitignore new file mode 100644 index 0000000000..d5e121c17d --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/.gitignore @@ -0,0 +1,5 @@ +resources/*.jks +resources/*.pem +resources/*.p12 +resources/*.crt +resources/*.csr diff --git a/kubernetes/platform/components/oom-cert-service/.helmignore b/kubernetes/platform/components/oom-cert-service/.helmignore index 50af031725..5d9272cd5d 100644 --- a/kubernetes/platform/components/oom-cert-service/.helmignore +++ b/kubernetes/platform/components/oom-cert-service/.helmignore @@ -20,3 +20,4 @@ .idea/ *.tmproj .vscode/ + diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile index 736a19fbd4..ea0cb8aae4 100644 --- a/kubernetes/platform/components/oom-cert-service/Makefile +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -19,6 +19,10 @@ all: start_docker \ server_import_root_certificate \ server_convert_certificate_to_jks \ server_convert_certificate_to_p12 \ + convert_truststore_to_p12 \ + convert_truststore_to_pem \ + server_export_certificate_to_pem \ + server_export_key_to_pem \ clear_unused_files \ stop_docker @@ -32,7 +36,7 @@ start_docker: $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE)) $(eval USERNAME :=$(shell id -u)) $(eval GROUP :=$(shell id -g)) - docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE) + docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE) # Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted stop_docker: @@ -46,7 +50,7 @@ clear_all: #Clear certificates clear_existing_certificates: @echo "Clear certificates" - ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem @echo "#####done#####" #Generate root private and public keys @@ -146,8 +150,34 @@ server_convert_certificate_to_p12: -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret @echo "#####done#####" +#Convert truststore(.jks) to PCKS12 format(.p12) +convert_truststore_to_p12: + @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" + ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \ + -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "#####done#####" + +#Convert truststore(.p12) to PEM format(.pem) +convert_truststore_to_pem: + @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)" + ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret + @echo "#####done#####" + +#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem) +server_export_certificate_to_pem: + @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)" + ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem + @echo "#####done#####" + +#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem) +server_export_key_to_pem: + @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)" + ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem + @echo "#####done#####" + + #Clear unused certificates clear_unused_files: @echo "Clear unused certificates" - ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr truststore.p12 @echo "#####done#####" diff --git a/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json index 358f2a82c7..c6d76c1f57 100644 --- a/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json +++ b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json @@ -1,3 +1,3 @@ { "cmpv2Servers": [] -}
\ No newline at end of file +} diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml index 280922a014..2d47e6f57c 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml @@ -53,4 +53,17 @@ data: {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} root.crt: {{ (.Files.Glob "resources/root.crt").AsSecrets }} -{{ end -}}
\ No newline at end of file +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tls.provider.secret.name }} +type: Opaque +data: + certServiceServer-key.pem: + {{ (.Files.Glob "resources/certServiceServer-key.pem").AsSecrets }} + certServiceServer-cert.pem: + {{ (.Files.Glob "resources/certServiceServer-cert.pem").AsSecrets }} + truststore.pem: + {{ (.Files.Glob "resources/truststore.pem").AsSecrets }} +{{ end -}} diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index ee51ec7a7d..bd415c06b1 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -34,11 +34,11 @@ service: port_protocol: http # Certificates generation configuration -certificateGenerationImage: onap/integration-java11:7.1.0 +certificateGenerationImage: onap/integration-java11:7.2.0 # Deployment configuration repository: "nexus3.onap.org:10001" -image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1 pullPolicy: Always replicaCount: 1 @@ -88,14 +88,19 @@ tls: client: secret: defaultName: oom-cert-service-client-tls-secret + provider: + secret: + name: cmpv2-issuer-secret envs: keystore: jksName: certServiceServer-keystore.jks p12Name: certServiceServer-keystore.p12 + pemName: certServiceServer-keystore.pem truststore: jksName: truststore.jks crtName: root.crt + pemName: truststore.pem httpsPort: 8443 # External secrets with credentials can be provided to override default credentials defined below, diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml index a7ff4de4e1..7ddef473db 100644 --- a/kubernetes/platform/requirements.yaml +++ b/kubernetes/platform/requirements.yaml @@ -18,4 +18,7 @@ dependencies: - name: oom-cert-service version: ~7.x-0 - repository: 'file://components/oom-cert-service'
\ No newline at end of file + repository: 'file://components/oom-cert-service' + - name: cmpv2-cert-provider + version: ~7.x-0 + repository: 'file://components/cmpv2-cert-provider' diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 4b76d896522b113eff620a732a6ce7b363529f7 +Subproject 85b5af5058bbda19b557add185d917f60c2188e diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index edac61b24e..7282f305c5 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -33,7 +33,7 @@ global: cmpv2Enabled: true platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1 secret: name: oom-cert-service-client-tls-secret mountPath: /etc/onap/oom/certservice/certs/ diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl index 66497e1afa..cc22dc97c3 100644 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -17,10 +17,19 @@ /certificates/msb-ca.crt -keystore \ "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ -storepass $cadi_truststore_password -noprompt - keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ - -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \ - -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ - -deststorepass $cadi_truststore_password -noprompt + export EXIT_VALUE=$? + if [ "${EXIT_VALUE}" != "0" ] + then + echo "issue with password: $cadi_truststore_password" + exit $EXIT_VALUE + else + keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ + -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \ + -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -deststorepass $cadi_truststore_password -noprompt + export EXIT_VALUE=$? + fi + exit $EXIT_VALUE volumeMounts: {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} - name: {{ include "common.name" $dot }}-msb-certificate diff --git a/kubernetes/vid/requirements.yaml b/kubernetes/vid/requirements.yaml index a3b349dda8..c6554cada2 100644 --- a/kubernetes/vid/requirements.yaml +++ b/kubernetes/vid/requirements.yaml @@ -27,4 +27,7 @@ dependencies: version: ~7.x-0 repository: '@local' condition: not global.mariadbGalera.localCluster + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 41b0019cbe..856a853960 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -48,12 +48,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -139,7 +139,7 @@ spec: {{- end }} # side car containers - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 93de57e4b3..47cd73aff2 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -18,9 +18,6 @@ # Declare variables to be passed into your templates. global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 mariadbGalera: &mariadbGalera #This flag allows VID to instantiate its own mariadb-galera cluster localCluster: false @@ -43,7 +40,6 @@ subChartsOnly: enabled: true # application image -repository: nexus3.onap.org:10001 image: onap/vid:7.0.0 pullPolicy: Always @@ -70,8 +66,8 @@ config: roleaccesscentralized: remote mariadb-galera: - # '&mariadbConfig' means we "store" the values for later use in the file - # with '*mariadbConfig' pointer. + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. config: &mariadbConfig userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret' mysqlDatabase: vid_openecomp_epsdk @@ -127,11 +123,11 @@ service: ingress: enabled: false service: - - baseaddr: "vid.api" - name: "vid-http" - port: 8443 + - baseaddr: "vid.api" + name: "vid-http" + port: 8443 config: - ssl: "redirect" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small |